DATA PROCESSING POLICY
DRA ALEJANDRA AZCÁRATE (the “controller”), as the party responsible for the processing of personal data and in compliance with the provisions contained in Law 1581 of 2012, its regulatory decrees and other concordant regulations, informs the owners that their personal data will be processed in accordance with the company’s personal data processing policy, which can be consulted at this link.
Purpose:
The purpose of this Policy is to provide the necessary and sufficient information to the different Users and interest groups, as well as to establish the guidelines that guarantee the protection of personal data that are subject to processing through the procedures and services carried out by DRA ALEJANDRA AZCÁRATE, in order to comply with the law, policies and procedures for addressing the rights of the holders, criteria for collection, storage, use, circulation and deletion that will be given to personal data.
Recipients:
This policy will apply to all physical and digital databases containing personal data that are subject to processing by DRA ALEJANDRA AZCÁRATE, considered as the controller. Likewise, in those cases in which it operates as the person in charge of processing personal data.
The policy is aimed at ensuring that people in general have at their disposal the necessary and sufficient information about the different treatments and purposes for which their data will be subjected, as well as the rights that they, as holders of personal data, can exercise against DRA ALEJANDRA AZCÁRATE when it has the role of controller of their personal data.
This policy is mandatory for all natural or legal persons responsible for the administration of personal databases of DRA ALEJANDRA AZCÁRATE to know and comply with.
Scope:
The scope of the policy is to (i) provide an expeditious and legal process to the different requests and claims made by the Data Subjects, (ii) comply with the requirements of the current regulations on Personal Data Protection, as well as any requirement arising from the principle of proven responsibility, (iii) provide due protection to the interests and needs of the Data Subjects processed, and (iv) provide information related to the personal data protection law.
Scope:
Guiding principles:
In the development, interpretation and application of the law, regulations and current regulations, the following principles shall be applied in a harmonious and comprehensive manner:
Principle of Legality in Data Processing: Processing is a regulated activity that must be subject to the provisions of Law 1581 of October 17, 2012, regulatory decrees and other provisions that develop it.
Principle of Purpose: Processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be reported to the Owner.
Principle of Freedom: Processing may only be carried out with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent.
Principle of Truthfulness or Quality: Information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fragmented or misleading data is prohibited.
Principle of Transparency: The processing must guarantee the right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data that concerns him/her.
Principle of Restricted Access and Circulation: The processing is subject to the limits that arise from the nature of personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the Data Subject and/or by the persons provided for in the law.
Principle of Security: The information subject to processing by the Data Controller or the Data Processor referred to in the law must be handled with the technical, human and administrative measures that are necessary to ensure the security of the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.
Principle of Confidentiality: Representatives of DRA ALEJANDRA AZCÁRATE who are involved in the Processing of Personal Data that are not public in nature are obliged to guarantee the confidentiality of the information.
Principle of Necessity: The personal data processed must be strictly necessary for the fulfilment of the purposes pursued with the database.
Special categories of data:
Sensitive data: Sensitive data is understood to be data that affects the privacy of the Data Subject or whose misuse may lead to discrimination, such as data that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life and biometric data.
Processing of sensitive data: Processing of sensitive data is prohibited, except when:
The Data Subject has given explicit authorization to such Processing, except in cases where the granting of such authorization is not required by law.
The Processing is necessary to safeguard the vital interest of the Data Subject and he or she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
The Processing refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
The Processing has a historical, statistical or scientific purpose. In this event, measures must be taken to suppress the identity of the Holders.
Rights of children and adolescents: The processing of personal data of children and adolescents is prohibited, except when it is data of a public nature, and when said processing complies with the following parameters and/or requirements:
That they respond to and respect the best interests of children and adolescents
That respect for their fundamental rights is ensured.
Once the above requirements have been met, the legal representative of the children or adolescents will grant authorization, after the minor has exercised his or her right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and capacity to understand the matter.
Processing and purposes:
The purposes of processing include:
Maintaining constant contact with clients and potential clients, to develop the contractual obligation derived from the provision of services.
Promoting Firm events and sending newsletters.
Introducing the services offered by the company.
Evaluating the quality of the services provided by the company.
Sending service proposals, or maintaining contact in the event that service proposals are pending.
In cases where the company has access to sensitive data, the owner will be informed about the optional nature of the response to the questions asked, when these relate to sensitive data or the data of girls, boys and adolescents.
Transfer and transmission of personal data:
The company may transfer and transmit personal data to third parties with whom it has an operational relationship that provide it with services necessary for its proper operation. In such cases, the necessary measures will be adopted so that the persons who have access to your personal data comply with this Policy and with the principles of personal data protection and obligations established in the Law.
Rights and legal conditions for data processing:
Rights of the holders: In the Processing of Personal Data by the company, the rights of the holders of Personal Data will be respected at all times, which are:
To know, update and rectify the Data in front of the Data Processor(s).
To request proof of the authorization granted, or any other that the holder of the Personal Data subscribes for this purpose, except when it is expressly excepted as a requirement for the Processing of data in accordance with the law.
To be informed, upon request, regarding the use that has been given to the data.
To submit complaints to the Competent Authority for violations of the provisions of the law and other regulations that modify, replace or add to it.
To revoke the authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees.
Access free of charge to the Personal Data that have been subject to Processing.
Authorization of the owner: Without prejudice to the exceptions provided for in the law, the Processing requires the prior and informed authorization of the Owner, which must be obtained by any means that can be subject to subsequent consultation. It will be understood that the authorization complies with these requirements when it is expressed (i) in writing, (ii) orally or (iii) through unequivocal conduct of the owner that allows to reasonably conclude that he/she granted the authorization, such as when, for example, a resume, a private document, contract, invoice, among others, is sent to the company.
Supply of information: The information requested by the Owners of personal information will be supplied mainly by electronic means, or by any other means only if so requested by the Owner. The information supplied by the company will be delivered without technical barriers that prevent its access; its content will be easy to read, access and must correspond in all respects to that which is in the database.
Persons to whom the information may be provided: The information that meets the conditions established by law may be provided to the following persons:
To the Holders, their successors in title or their legal representatives.
To public or administrative entities in the exercise of their legal functions or by court order.
To third parties authorized by the Holder or by law.
Duties of those responsible for the treatment and those in charge of the treatment: The company, as the person responsible for the Treatment, must comply with the following duties, without prejudice to the other provisions provided for in the law and in others that govern its activity:
-
a) Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
b) Request and retain, under the conditions provided by law, a copy of the respective authorization granted by the Holder.
c) Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
e) Guarantee that the information provided to the Data Processor is true, complete, accurate, updated, verifiable and understandable.
f) Update the information, communicating in a timely manner to the Data Processor all the news regarding the data that has been previously provided and adopt the other necessary measures so that the information provided to him is kept up to date.
g) Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.
h) Provide the Data Processor, as the case may be, only with data whose processing is previously authorized in accordance with the provisions of the law.
i) Demand that the Data Processor respect the security and privacy conditions of the Owner’s information at all times.
j) Process the queries and complaints made in the terms indicated in the law.
k) Adopt specific procedures to guarantee adequate compliance with the law and especially to address queries and complaints.
l) Inform the Data Processor when certain information is being discussed by the Owner, once the claim has been submitted and the respective process has not been completed.
m) Inform the Owner at his or her request about the use of his or her data.General actions for the protection of personal data: The general guidelines applied by the company in order to comply with its obligations in compliance with the principles for the administration of personal data are established below.
Information processing: All members of the company, when carrying out the activities inherent to their position, will assume the responsibilities and obligations that are incurred in the proper handling of personal information, from its collection, storage, use, circulation and final disposal.
Use of information: The personal information contained in the databases must be used and processed in accordance with the purposes described in this policy.
Storage of information: The storage of digital and physical information is carried out in media or environments that have adequate controls for the protection of data.
Procedure for managing incidents with personal data: If the user becomes aware of any incident that has occurred, he or she must report it to the company, which will take the appropriate measures in response to the reported incident.
Procedure to address the rights of the holders: Holders of Personal Data, regardless of the type of relationship they have with the company, may exercise their rights to consult, know, update, rectify and delete information and/or revoke the authorization granted, through the presentation of a right of petition filed at any of the company’s notification addresses.
The information of the person responsible for the processing of personal data, in which queries, complaints or requests related to the processing of personal data may be submitted, is as follows:
COMPANY NAME: DRA ALEJANDRA AZCÁRATE
ADDRESS: CRA 105 # 14 – 89 CC La Babilla, Ciudad Jardín (CALI, VALLE).
EMAIL: aleja_azcarate1995@hotmail.com
MOBILE: (+57) 310 718 8936
In accordance with the Personal Data Protection Law, the owner of the information has the right to know, update, rectify and delete their personal data, as well as revoke the authorization granted for its processing, file complaints, and other rights provided for in the applicable law.
Date of preparation and publication: 01 NOVEMBER 2023
Date of last update: 18 NOVEMBER 2024